1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_kit_coverage_test.h"
17 #include <thread>
18
19 #include "access_token.h"
20 #include "access_token_error.h"
21 #include "accesstoken_common_log.h"
22 #include "accesstoken_service_ipc_interface_code.h"
23 #include "hap_token_info.h"
24 #include "nativetoken_kit.h"
25 #include "permission_grant_info.h"
26 #include "permission_state_change_info_parcel.h"
27 #include "string_ex.h"
28 #include "test_common.h"
29 #include "tokenid_kit.h"
30 #include "token_setproc.h"
31 #define private public
32 #include "accesstoken_manager_client.h"
33 #undef private
34
35 using namespace testing::ext;
36
37 namespace OHOS {
38 namespace Security {
39 namespace AccessToken {
40 namespace {
41 static constexpr int32_t DEFAULT_API_VERSION = 8;
42 static const std::string TEST_BUNDLE_NAME = "ohos";
43 static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA";
44 static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA";
45 static const int TEST_USER_ID = 0;
46 uint64_t g_selfShellTokenId;
47 }
48
SetUpTestCase()49 void AccessTokenCoverageTest::SetUpTestCase()
50 {
51 g_selfShellTokenId = GetSelfTokenID();
52 TestCommon::SetTestEvironment(g_selfShellTokenId);
53 }
54
TearDownTestCase()55 void AccessTokenCoverageTest::TearDownTestCase()
56 {
57 SetSelfTokenID(g_selfShellTokenId);
58 TestCommon::ResetTestEvironment();
59 }
60
SetUp()61 void AccessTokenCoverageTest::SetUp()
62 {
63 g_selfShellTokenId = GetSelfTokenID();
64 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
65 }
66
TearDown()67 void AccessTokenCoverageTest::TearDown()
68 {
69 EXPECT_EQ(0, SetSelfTokenID(g_selfShellTokenId));
70 }
71
72 class CbCustomizeTest : public PermStateChangeCallbackCustomize {
73 public:
CbCustomizeTest(const PermStateChangeScope & scopeInfo)74 explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo)
75 : PermStateChangeCallbackCustomize(scopeInfo)
76 {
77 }
78
~CbCustomizeTest()79 ~CbCustomizeTest()
80 {}
81
PermStateChangeCallback(PermStateChangeInfo & result)82 virtual void PermStateChangeCallback(PermStateChangeInfo& result)
83 {
84 ready_ = true;
85 int32_t status = (result.permStateChangeType == 1) ? PERMISSION_GRANTED : PERMISSION_DENIED;
86 ASSERT_EQ(status, AccessTokenKit::VerifyAccessToken(result.tokenID, result.permissionName));
87 }
88
89 bool ready_;
90 };
91
92 /**
93 * @tc.name: PermStateChangeCallback001
94 * @tc.desc: PermissionStateChangeCallback::PermStateChangeCallback function test.
95 * @tc.type: FUNC
96 * @tc.require: issueI61NS6
97 */
98 HWTEST_F(AccessTokenCoverageTest, PermStateChangeCallback001, TestSize.Level1)
99 {
100 PermStateChangeInfo result = {
101 .permStateChangeType = 0,
102 .tokenID = 123,
103 .permissionName = "ohos.permission.CAMERA"
104 };
105
106 std::shared_ptr<CbCustomizeTest> callbackPtr = nullptr;
107 std::shared_ptr<PermissionStateChangeCallback> callback = std::make_shared<PermissionStateChangeCallback>(
108 callbackPtr);
109 ASSERT_NE(callback, nullptr);
110
111 callback->PermStateChangeCallback(result);
112 ASSERT_EQ(callback->customizedCallback_, nullptr);
113 callback->Stop();
114 }
115
116 class TestCallBack : public PermissionStateChangeCallbackStub {
117 public:
118 TestCallBack() = default;
119 virtual ~TestCallBack() = default;
120
PermStateChangeCallback(PermStateChangeInfo & result)121 void PermStateChangeCallback(PermStateChangeInfo& result)
122 {
123 GTEST_LOG_(INFO) << "PermStateChangeCallback, tokenID is " << result.tokenID;
124 }
125 };
126
127 /**
128 * @tc.name: OnRemoteRequest001
129 * @tc.desc: StateChangeCallbackStub::OnRemoteRequest function test
130 * @tc.type: FUNC
131 * @tc.require: issueI61A6M
132 */
133 HWTEST_F(AccessTokenCoverageTest, OnRemoteRequest001, TestSize.Level1)
134 {
135 PermStateChangeInfo info = {
136 .permStateChangeType = 0,
137 .tokenID = 123,
138 .permissionName = "ohos.permission.CAMERA"
139 };
140
141 TestCallBack callback;
142 PermissionStateChangeInfoParcel infoParcel;
143 infoParcel.changeInfo = info;
144
145 OHOS::MessageParcel data;
146 std::string descriptor = "I don't know";
147 data.WriteInterfaceToken(OHOS::Str8ToStr16(descriptor));
148 ASSERT_EQ(true, data.WriteParcelable(&infoParcel));
149
150 OHOS::MessageParcel reply;
151 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
152 ASSERT_NE(0,
153 callback.OnRemoteRequest(static_cast<uint32_t>(AccesstokenStateChangeInterfaceCode::PERMISSION_STATE_CHANGE),
154 data, reply, option)); // descriptor false
155
156 ASSERT_EQ(true, data.WriteInterfaceToken(IPermissionStateCallback::GetDescriptor()));
157 ASSERT_EQ(true, data.WriteParcelable(&infoParcel));
158 uint32_t code = 10;
159 ASSERT_NE(0, callback.OnRemoteRequest(code, data, reply, option)); // descriptor true + msgCode false
160 }
161
162 /**
163 * @tc.name: CreatePermStateChangeCallback001
164 * @tc.desc: AccessTokenManagerClient::CreatePermStateChangeCallback function test
165 * @tc.type: FUNC
166 * @tc.require: issueI61A6M
167 */
168 HWTEST_F(AccessTokenCoverageTest, CreatePermStateChangeCallback001, TestSize.Level1)
169 {
170 std::vector<std::string> reqPerm;
171 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
172 MockHapToken mock("CreatePermStateChangeCallback001", reqPerm, true);
173
174 std::vector<std::shared_ptr<CbCustomizeTest>> callbackList;
175
176 uint32_t times = 201;
177 for (uint32_t i = 0; i < times; i++) {
178 PermStateChangeScope scopeInfo;
179 scopeInfo.permList = {};
180 scopeInfo.tokenIDs = {};
181 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo);
182 callbackList.emplace_back(callbackPtr);
183 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
184
185 if (i == 200) {
186 EXPECT_EQ(AccessTokenError::ERR_CALLBACKS_EXCEED_LIMITATION, res);
187 break;
188 }
189 }
190
191 for (uint32_t i = 0; i < 200; i++) {
192 ASSERT_EQ(0, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackList[i]));
193 }
194
195 std::shared_ptr<PermStateChangeCallbackCustomize> customizedCb = nullptr;
196 AccessTokenKit::RegisterPermStateChangeCallback(customizedCb); // customizedCb is null
197 }
198
199 /**
200 * @tc.name: InitProxy001
201 * @tc.desc: AccessTokenManagerClient::InitProxy function test
202 * @tc.type: FUNC
203 * @tc.require: issueI61A6M
204 */
205 HWTEST_F(AccessTokenCoverageTest, InitProxy001, TestSize.Level1)
206 {
207 ASSERT_NE(nullptr, AccessTokenManagerClient::GetInstance().proxy_);
208 OHOS::sptr<IAccessTokenManager> proxy = AccessTokenManagerClient::GetInstance().proxy_; // backup
209 AccessTokenManagerClient::GetInstance().proxy_ = nullptr;
210 ASSERT_EQ(nullptr, AccessTokenManagerClient::GetInstance().proxy_);
211 AccessTokenManagerClient::GetInstance().InitProxy(); // proxy_ is null
212 AccessTokenManagerClient::GetInstance().proxy_ = proxy; // recovery
213 }
214
215 /**
216 * @tc.name: AllocHapToken001
217 * @tc.desc: AccessTokenKit::AllocHapToken function test
218 * @tc.type: FUNC
219 * @tc.require: issueI61A6M
220 */
221 HWTEST_F(AccessTokenCoverageTest, AllocHapToken001, TestSize.Level1)
222 {
223 HapInfoParams info;
224 HapPolicyParams policy;
225 info.userID = -1;
226 AccessTokenKit::AllocHapToken(info, policy);
227 ASSERT_EQ(-1, info.userID);
228 }
229
230 /**
231 * @tc.name: VerifyAccessToken005
232 * @tc.desc: AccessTokenKit::VerifyAccessToken function test
233 * @tc.type: FUNC
234 * @tc.require: issueI61A6M
235 */
236 HWTEST_F(AccessTokenCoverageTest, VerifyAccessToken005, TestSize.Level1)
237 {
238 HapInfoParams info = {
239 .userID = TEST_USER_ID,
240 .bundleName = "accesstoken_test3",
241 .instIndex = 0,
242 .appIDDesc = "test3",
243 .apiVersion = DEFAULT_API_VERSION
244 };
245 PermissionStateFull permState = {
246 .permissionName = "ohos.permission.GET_BUNDLE_INFO",
247 .isGeneral = true,
248 .resDeviceID = {"local3"},
249 .grantStatus = {PermissionState::PERMISSION_GRANTED},
250 .grantFlags = {1}
251 };
252
253 HapPolicyParams policy = {
254 .apl = APL_NORMAL,
255 .domain = "test.domain3",
256 .permStateList = {permState}
257 };
258
259 AccessTokenIDEx tokenIdEx = {0};
260 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
261 AccessTokenID callerTokenID = tokenIdEx.tokenIdExStruct.tokenID;
262 ASSERT_NE(INVALID_TOKENID, callerTokenID);
263 AccessTokenID firstTokenID;
264
265 // ret = PERMISSION_GRANTED + firstTokenID = 0
266 std::string permissionName = "ohos.permission.GET_BUNDLE_INFO";
267 firstTokenID = 0;
268 ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(
269 callerTokenID, firstTokenID, permissionName, false));
270
271 firstTokenID = 1;
272 // ret = PERMISSION_GRANTED + firstTokenID != 0
273 ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(
274 callerTokenID, firstTokenID, permissionName, false));
275 TestCommon::DeleteTestHapToken(callerTokenID);
276
277 callerTokenID = 0;
278 // ret = PERMISSION_DENIED
279 ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(
280 callerTokenID, firstTokenID, permissionName, false));
281 }
282
283 /**
284 * @tc.name: GetRenderTokenIDTest001
285 * @tc.desc: TokenIdKit::GetRenderTokenID function test
286 * @tc.type: FUNC
287 * @tc.require: issueI7MOA1
288 */
289 HWTEST_F(AccessTokenCoverageTest, GetRenderTokenIDTest001, TestSize.Level1)
290 {
291 uint64_t validTokenID = GetSelfTokenID();
292 uint64_t retTokenId = validTokenID;
293
294 retTokenId = TokenIdKit::GetRenderTokenID(validTokenID);
295 ASSERT_NE(retTokenId, validTokenID);
296 ASSERT_NE(retTokenId, INVALID_TOKENID);
297 }
298
299 /**
300 * @tc.name: GetRenderTokenIDTest002
301 * @tc.desc: TokenIdKit::GetRenderTokenID function test
302 * @tc.type: FUNC
303 * @tc.require: issueI7MOA1
304 */
305 HWTEST_F(AccessTokenCoverageTest, GetRenderTokenIDTest002, TestSize.Level1)
306 {
307 uint64_t invalidTokenID = 0;
308 uint64_t retTokenId = 1; /* 1, for testing purposes */
309
310 retTokenId = TokenIdKit::GetRenderTokenID(invalidTokenID);
311 ASSERT_EQ(invalidTokenID, retTokenId);
312 }
313
314 /**
315 * @tc.name: GetRenderTokenIDTest003
316 * @tc.desc: AccessTokenKit::GetRenderTokenID function test
317 * @tc.type: FUNC
318 * @tc.require:
319 */
320 HWTEST_F(AccessTokenCoverageTest, GetRenderTokenIDTest003, TestSize.Level1)
321 {
322 uint64_t invalidTokenID = 0;
323 uint64_t retTokenId = 1; /* 1, for testing purposes */
324
325 retTokenId = AccessTokenKit::GetRenderTokenID(invalidTokenID);
326 ASSERT_EQ(invalidTokenID, retTokenId);
327 }
328
329 #ifdef TOKEN_SYNC_ENABLE
330 namespace {
331 class TokenSyncCallbackStubTest : public TokenSyncCallbackStub {
332 public:
333 TokenSyncCallbackStubTest() = default;
334 virtual ~TokenSyncCallbackStubTest() = default;
335
GetRemoteHapTokenInfo(const std::string & deviceID,AccessTokenID tokenID)336 int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) override
337 {
338 return 0;
339 };
DeleteRemoteHapTokenInfo(AccessTokenID tokenID)340 int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) override
341 {
342 return 0;
343 };
344
UpdateRemoteHapTokenInfo(const HapTokenInfoForSync & tokenInfo)345 int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) override
346 {
347 return 0;
348 };
349 };
350
351 static const int32_t FAKE_SYNC_RET = 0xabcdef;
352 class TokenSyncCallbackImpl : public TokenSyncKitInterface {
353 public:
~TokenSyncCallbackImpl()354 ~TokenSyncCallbackImpl()
355 {}
356
GetRemoteHapTokenInfo(const std::string & deviceID,AccessTokenID tokenID) const357 int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override
358 {
359 LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called.");
360 return FAKE_SYNC_RET;
361 };
362
DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const363 int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override
364 {
365 LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called.");
366 return FAKE_SYNC_RET;
367 };
368
UpdateRemoteHapTokenInfo(const HapTokenInfoForSync & tokenInfo) const369 int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override
370 {
371 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called.");
372 return FAKE_SYNC_RET;
373 };
374 };
375 };
376
377 /**
378 * @tc.name: TokenSyncCallbackStubTest001
379 * @tc.desc: TokenSyncCallbackStub OnRemoteRequest deny test
380 * @tc.type: FUNC
381 * @tc.require:
382 */
383 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackStubTest001, TestSize.Level1)
384 {
385 TokenSyncCallbackStubTest callback;
386
387 OHOS::MessageParcel data;
388 std::string descriptor = "I don't know";
389 data.WriteInterfaceToken(OHOS::Str8ToStr16(descriptor));
390
391 OHOS::MessageParcel reply;
392 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
393 EXPECT_EQ(ERROR_IPC_REQUEST_FAIL,
394 callback.OnRemoteRequest(static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO),
395 data, reply, option)); // descriptor false
396 }
397
398 /**
399 * @tc.name: TokenSyncCallbackStubTest002
400 * @tc.desc: TokenSyncCallbackStub OnRemoteRequest err code
401 * @tc.type: FUNC
402 * @tc.require:
403 */
404 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackStubTest002, TestSize.Level1)
405 {
406 TokenSyncCallbackStubTest callback;
407 OHOS::MessageParcel data;
408 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
409
410 OHOS::MessageParcel reply;
411 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
412 EXPECT_NE(0, callback.OnRemoteRequest(static_cast<uint32_t>(0xff), // code false
413 data, reply, option));
414 }
415
416 /**
417 * @tc.name: TokenSyncCallbackStubTest003
418 * @tc.desc: TokenSyncCallbackStub OnRemoteRequest deny call
419 * @tc.type: FUNC
420 * @tc.require:
421 */
422 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackStubTest003, TestSize.Level1)
423 {
424 TokenSyncCallbackStubTest callback;
425 OHOS::MessageParcel data;
426 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
427
428 OHOS::MessageParcel reply;
429 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
430 EXPECT_EQ(0, callback.OnRemoteRequest(
431 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO),
432 data, reply, option));
433 EXPECT_EQ(ERR_IDENTITY_CHECK_FAILED, reply.ReadInt32());
434
435 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
436 EXPECT_EQ(0, callback.OnRemoteRequest(
437 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO),
438 data, reply, option));
439 EXPECT_EQ(ERR_IDENTITY_CHECK_FAILED, reply.ReadInt32());
440
441 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
442 EXPECT_EQ(0, callback.OnRemoteRequest(
443 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO),
444 data, reply, option));
445 EXPECT_EQ(ERR_IDENTITY_CHECK_FAILED, reply.ReadInt32());
446 }
447
448 /**
449 * @tc.name: TokenSyncCallbackStubTest004
450 * @tc.desc: TokenSyncCallbackStub OnRemoteRequest normal call
451 * @tc.type: FUNC
452 * @tc.require:
453 */
454 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackStubTest004, TestSize.Level1)
455 {
456 setuid(3020); // ACCESSTOKEN_UID
457
458 TokenSyncCallbackStubTest callback;
459 OHOS::MessageParcel data;
460 OHOS::MessageParcel reply;
461 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
462
463 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
464 data.WriteString("test deviceID"); // test deviceID
465 data.WriteUint32(0); // test tokenid
466 EXPECT_EQ(0, callback.OnRemoteRequest(
467 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO),
468 data, reply, option));
469 EXPECT_EQ(0, reply.ReadInt32());
470
471 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
472 data.WriteUint32(0); // test tokenid
473 EXPECT_EQ(0, callback.OnRemoteRequest(
474 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO),
475 data, reply, option));
476 EXPECT_EQ(0, reply.ReadInt32());
477
478 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
479 HapTokenInfoForSync info;
480 HapTokenInfoForSyncParcel tokenInfoParcel;
481 tokenInfoParcel.hapTokenInfoForSyncParams = info;
482 data.WriteParcelable(&tokenInfoParcel);
483 EXPECT_EQ(0, callback.OnRemoteRequest(
484 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO),
485 data, reply, option));
486 EXPECT_EQ(0, reply.ReadInt32());
487 setuid(0); // root uid
488 }
489
490 /**
491 * @tc.name: TokenSyncCallbackTest001
492 * @tc.desc: TokenSyncCallback inner call
493 * @tc.type: FUNC
494 * @tc.require:
495 */
496 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackTest001, TestSize.Level1)
497 {
498 TokenSyncCallback callback(nullptr);
499 EXPECT_EQ(nullptr, callback.tokenSyncCallback_); // test input
500
501 std::shared_ptr<TokenSyncKitInterface> ptr = std::make_shared<TokenSyncCallbackImpl>();
502 std::shared_ptr<TokenSyncCallback> callbackImpl = std::make_shared<TokenSyncCallback>(ptr);
503 EXPECT_NE(nullptr, callbackImpl->tokenSyncCallback_);
504 EXPECT_EQ(FAKE_SYNC_RET, callbackImpl->GetRemoteHapTokenInfo("test", 0)); // test input
505 EXPECT_EQ(FAKE_SYNC_RET, callbackImpl->DeleteRemoteHapTokenInfo(0)); // test input
506 HapTokenInfoForSync info;
507 EXPECT_EQ(FAKE_SYNC_RET, callbackImpl->UpdateRemoteHapTokenInfo(info)); // test input
508 }
509 #endif // TOKEN_SYNC_ENABLE
510
511 /**
512 * @tc.name: GetPermissionManagerInfo001
513 * @tc.desc:
514 * @tc.type: FUNC
515 * @tc.require:
516 */
517 HWTEST_F(AccessTokenCoverageTest, GetPermissionManagerInfo001, TestSize.Level1)
518 {
519 PermissionGrantInfo info;
520 AccessTokenKit::GetPermissionManagerInfo(info);
521 ASSERT_EQ(false, info.grantBundleName.empty());
522 }
523
524 } // namespace AccessToken
525 } // namespace Security
526 } // namespace OHOS
527